Cross site request forgery (csrf)

2019-09-2601:15:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.7%

JSON

The manual-image-crop plugin before 1.11 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=mic_editor_window postId parameter.

CPENameOperatorVersion
manual_image_croplt1.11

CPE	Name	Operator	Version
	manual_image_crop	lt	1.11

References

cinu.pl/research/wp-plugins/mail_7c87194ce1dcf0642135d17a71ed91cd.html

wordpress.org/plugins/manual-image-crop/

wpvulndb.com/vulnerabilities/8297